Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Flash player settings has an option to set the amount of local storage permitted for the player. What happens if I set that amount to zero and mark it permanent (i.e. check box remember)?
Would it remove the ability of the flash player to set cookies?

I actually use Linux, what scares me is that the ONLY closed source piece of software on my computer is flash.I think Adobe knows, or hopes, that they will one day be providing massive amounts of video content from actual television channels and Cable Company's and the only way to build some kind of content protection system, DRM, or paid service model would be to keep Flash closed.

Probably would work... Well, I'd simply do "rm ~/.adobe/*; chmod 500 ~/.adobe/*", which would be shorter and keep read/access rights to said directory.

That said, if Flash expects to be able to write to that directory, it might crash when it tries to utilize it. So it really isn't a foolproof method.

As per this moment, under.adobe in my home directory exists the following structure: "~/.adobe/Flash_Player/AssetCache/VSUUJTSX/". The directory is probably randomly generated just like profile directories in Mozilla (harder to predict in case of a flaw in the plugin/browser). In there are just files with the extensions.swz and.heu and one file called "cacheSize.txt". None of these files seems to be human readable (well, okay cacheSize.txt makes somehow sense). Oddly enough, the oldest file is from 25th September 2010. As I use my browser daily and don't mind youtube or the odd flash game, this is strange indeed. I would nearly say that they stopped using it.

I actually did this and it does not work. Many sites are broken (hypem.com to name one of them). An alternative that works fine for me, is rm -rf ~/.adobe ~/.macromedia ; ln -s/tmp ~/.adobe ; ln -s/tmp ~/.macromedia. Since/tmp is cleared at every reboot, I get "session" cookies but never persistent ones. Yay.

I took a similar tactic. I run Linux (Fedora 14) and simply created a Startup entry that deleted my local Adobe Flash storage whenever I login to GNOME. Since I logout at the end of the day, this effectively clears out my Flash cache. Flash can keep what data it likes, but it can only keep it for a day.

In GNOME, click System - Preferences - Startup Applications. Then click Add to add a new entry. For the command, I just typed rm -rf/home/jhall/.adobe

Well there are a couple of other choices, at least if you are on Windows. One you can use a third party tool like CCleaner [ninite.com] (which I prefer this link as it is a fully automated install that doesn't ask to install Chrome and will install CCleaner to the right click of the recycle bin) that has a nice little checkbox for cleaning out Flash crap, or Two if you don't mind spending some money for some cool extras you can pick up SuperSpeed RAMDisk [superspeed.com] and set your temp folders to a RAMDisk which will be wiped on rebo

Flash's behavior when disable cookies is really terrible, mostly due to developers that don't care about such a situation. However, this is pretty much the same with any given HTML/javascript web app. From my perspective simply blaming Flash isn't constructive.

The real problem is having multiple locations to store local data and no single place to clear it. I'd say the browsers and W3C should be the solution to this. They should really put their collective foot down and set a standard by which plugins are allowed to store data and integrate with the browser. This would go a long way towards solving a lot of the privacy concerns of Flash and HTML5. There would still be some tricks to identify a user (font list, user agent string, plugin versions, etc) but again the solution is the same.

We're already part of the way there: HTML 5 includes its own local storage scheme. If this was around (and widely supported) when Flash was first being developed, I'm sure they wouldn't have bothered to concoct their own local storage, because there'd be no need.

All we need to do is encourage Adobe and other plugin developers to use the new standard instead of making up their own custom schemes. Which shouldn't be that hard, since in the long run it makes the developers' jobs easier.

The problem is that the browser vendors are in bed with the advertisers. Google is the advertisers, Firefox is funded by Google who is the advertisers, Opera is trying to do things that make Facebook seem private, Safari on anything but Mac sucks, and Microsoft hasn't released a browser that didn't suck in 10 years.

The unfortunate reality of a world in which all sorts of things are free is that the end user is no longer the customer and therefor no longer right. If we still paid for web browsers I suppose w

HTML5 storage is particularly nasty because the data isn't (necessarily) stored in separate files, they're stored in a database, so different browsers will store them in different ways. And HTML5 storage is already being exploited by marketing companies. There needs to be a BetterPrivacy-style plugin for HTML5 storage, but the only Firefox plugin I've seen so far that touches HTML5 storage at all is Nevercookie, and it only does that to kill Evercookies.

It's not bad coding. Most browser apps I have been involved in writing involve local storage for some data, rather than going back and forth to the DB every time the user needs something. Certainly there should be a check to see if it is set to zero and then a message saying, "How do you expect any app to work without local storage, dolt?".

what do you think? That I have time to read that fine article? Are you crazy? I like reading slashdot because of all those short summaries. And now, you didn't bother to even write a summary. So why do you bother to submit it?

Because you are glad, that adobe needs to provide a way to remove their stupid cookies?

We don't use the iPhone and don't know anybody that does, but it needs to support flash for some reason.

My wife has an iPhone (which we frequently compare with my G1). She watches a fair number of videos on it, including youtube, and she hasn't expressed any problems with this. She has noticed the lack of flash ads in a lot of sites' pages, but she doesn't consider that a problem, either.

If she's any example of the typical Apple fanperson, Apple just might do well to continue to block flash. Maybe they should make this an option for Macs, too.

We don't want to install Flash on the iPhone, we want the possibility of doing so without Apple choosing it for us. Flash is just a notorious example of the iP* platform restrictions any geek/hacker should loath.

It's not so much about a burning desire to have Flash on an iPhone, but rather resentment that Apple tells us that we aren't allowed to have Flash on our iPhone. We want freedom more than flash content, which is why some of us have indeed skipped the iPhone entirely.

However, not knowing anyone that uses an iPhone? Really? The number of iPhone users I know is double the number of Blackberry or Android users combined.. It's hard to throw a stone without hitting an iPhone user.

More and more, its looking like Steve Jobs was right (albeit for the wrong reasons) about Flash. HTML 5 is capable of replacing Flash in 95% of cases and in almost all of those cases provides better performance and accessibility. Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

Yeah 50 years from now a guy on a tech news/comedy show (which will ironically be one of the best tech news sources) will probably make a montage of people talking about ending the web's dependence on Flash over the last 50 years:-(

It isn't about accessibility or to an extent, performance... if you release an application toolset similar to Flex/Flash or Silverlight (VS/Blend) that produce outut as readily, while targetting HTML5, that might be true,,, if you could package html5 apps into a single package to download like SWF or XAP (in the browsers), that might be true as welll. I really enjoy web application development, but those two points are what will hold broader HTML5 support in the wild back... Server-side prorammers prefer a

HTML is simply a document markup language. It hasn't been "stretched" in any way. What are all those extensions that distorted HTML?

And just because many people use Flash, doesn't mean it's better. It was for a long time, if the current share is a reflection of its current quality or just a reflection of its history, it's not clear.

And who exactly do you think should written the HTML specs? What's the problem with browser vendors writing it? This isn't like the Netscape/IE wars, where each vendor wrote thei

HTML5 will be like every other HTML spec. Poorly implemented across the board. "Hacks" all over the place for different browsers.
Flash overcame all this a long time ago. With Flex, it has a fully working development environment that will run on all browsers and all OS's and where, with not much more than the click a checkbox you can compile your app for desktop ot browser.
It is also relatively secure (compare it to Java browser plugins, for instance).

HTML + JS runs in more OSes and browsers (iOS, for example, but many others). It also doesn't need to be compiled at all.

As for security, Flash has a terrible track record. Who cares if it's better that Java? We were talking about HTML, not Java. And since you need an HTML browser to access Flash websites, you're just adding more vulnerabilities by having it running.

I believe the problem may have something to do with persistent cookies. I'm not sure why I have this impression... it's just some idea that came to me out of nowhere... oh, wait, I know where that idea came from! I read the first goddamn sentence of the summary.

From TFA: "While a browser can remove “normal” HTTP cookies, the privacy controls in a web browser like Mozilla Firefox or Microsoft (NSDQ: MSFT) Internet Explorer can’t remove Flash cookies, which can only be removed by using two separate services available on Adobe’s web site."

Also: "At least one browser, Google Chrome, now allows users to control the Flash cookies from within their browser’s privacy controls."

You might want to look at the BetterPrivacy Add-on as well as the above. It is a whitelist based manager of Flash cookies. Which are used by a surprising number of sites that don't use Flash in any obvious way, including Gmail.com (whose Flash cookie I allow).

But I forgot. SL was made by Microsoft and is therefore clearly and obviously evil.

There. Now it's fixed.

Microsoft has spent the last 30 years polishing its reputation as the world's greatest institution of evil genius. It has definitely earned that reputation, and fully deserves everything that goes along with it.

Don't try to take away from Microsoft what it has worked so damned hard to obtain.

Good thing you pointed that out. The article is talking specifically about the privacy issues of Flash cookies.

The "Flash problem" as geeks know it is that a full browsing experience depends on a closed-source plugin (with a terrible security history), compatible only with select browsers and platforms (with vastly different release schedules for the plugin on different OSes), made by a single company for the display of in-page video and complex interactive content. When I saw the article title I thought th

Microsoft/IE doesn't have that kind of power over the web any more, for one thing, and next, consider that IE doesn't come with Flash right now, and it didn't seem to stop or even slightly slow down Flash adoption. If MS ignored HTML5 entirely, they'd just be creating a space for the Adobe of HTML5 plugins - in fact in that case it would be a smart move for Adobe to add HTML5 rendering into their Flash plugin for IE.

What the FTC or whatever needs to do is not to build some Do-Not-Call system for Internet tracking. It's pointless to fine them insignificantly, and they never delete the data. Besides, they share it everywhere, and it's gone and done in minutes. Scattered everywher.

No, the FTC or whatever should build a Do-Not-TRY system. Internet sites should be required to not even try to track us, and honor a 'Universal Do-Not-Try-To-Track' cookie. Essentially, getting caught leaving cookies otherwise should be evi

Essentially, getting caught leaving cookies otherwise should be evidence of the attempt, and bill them.

So you want to enter your username and password every time you reload a page, every time you post a comment &c.? Or you're cool with URLs which look like 'http://www.example.com/page?sessid=37a1-fb6c-9372-11de' instead or 'http://foo:bar@www.example.com/page' instead of 'http://www.example.com/page'?

Do you even know what cookies are, what they do or why they were added in the first place?

Since we really can;t ban cookies, and since we can't even tell the difference between a 'tracking cookie' and any number of useful and innocuous cookies, we're stuck with figuring out that we are being tracked, usually by accident. In this environment, theh FTC has a Sisyphean task in trying to implement a 'do-not-track' option for Internet users. Let's leave the foreign sites, aggrega

Internet sites should be required to not even try to track us, and honor a 'Universal Do-Not-Try-To-Track' cookie.

Web sites that encounter people who have opted out of tracking cookies will likely require them to register and log in before reading an article beyond the first paragraph. If most of the major news sites do this, starting with Fox News (and other Murdoch properties) and spreading to competitors, watch people opt back in.

I would imagine it tells flash it's storing the cookie where it wants to, but uses a pointer to the address of the firefox cookie folder; then tells flash it grabbed it from the location flash said it was stored?

In theory you could do that, using hooks on certain calls, but the Chromium doesn't; they just use Windows' permission system to disallow writing to any directory except authorized ones, so if the plugin tries to write anywhere else it'll get an authorization error, so many of the current plugins crash on Chromium with the sandbox enabled.It seems they got Adobe to release a version of Flash that actually does the right thing, so Flash will probably be sandboxed soon enough, but other plugins might take a w

I've (unfortunately) written a lot of both and they are extremely similar to each other. Yes, there are a lot of features inside that bloated Flash runtime, but that doesn't mean ActionScript is not like JavaScript.

ActionScript isn't like JavaScript? They are both based on ECMA Script, they are very similar as languages.

AS1 was Flash's direct counterpart to JavaScript. AS2 and AS3, on the other hand, added static typing and class-based as opposed to prototype-based inheritance. See AS timeline on Wikipedia [wikipedia.org].

Hey, I have to agree. I stopped using actionscript with version 2.0 (a version backwards-compatible with AS 1.0).

My major misgiving with flash is not the language it uses, but its insistence on putting proprietary brackets around functions that most any computer should be able to handle - or in other words, it's beyond its time. Shouldn't modern browsers be capable of natively handling image/video/graphic manipulation scripts? They are - but only through javascript. And yes, Javascript is a b*tch to program